The runtime will check the permissions granted at each point on the stack, and move up the stack until either it finds the permission \ufffd at which point the code will be allowed to continue \ufffd or until it reaches the top of the stack, at which point an exception will be thrown.
Now, this is very strange to me. I've written stack-based security systems for MUDs before, and they always behaved exactly opposite to this; ie.,
every object in the call stack had to have permission to perform the operation (unless explicitly marked bypass, as in the case of a trusted daemon making a write to a secure log file).
With Microsoft's system, you just have to somehow get your code called by a trusted component, and away you go. The permissions will be in the call stack, and you'll have free reign.
Edited by
admin
Feb. 14, 2002, 09:43:24 AM EST
Stack-based security
The runtime will check the permissions granted at each point on the stack, and move up the stack until either it finds the permission at which point the code will be allowed to continue or until it reaches the top of the stack, at which point an exception will be thrown.
Now, this is very strange to me. I've written stack-based security systems for MUDs before, and they always behaved exactly opposite to this; ie.,
every object in the call stack had to have permission to perform the operation (unless explicitly marked transparent, as in the case of a trusted daemon making a write to a secure log file).
With Microsoft's system, you just have to somehow get your code called by a trusted component, and away you go. The permissions will be in the call stack, and you'll have free reign.
Regards,
-scott anderson
"Welcome to Rivendell, Mr. Anderson..."
Stack-based security